PKI Consortium blog
Posts by tag DV
One Year Certs
July 9, 2020 by
Patrick Nohe
(GlobalSign)
Apple
CA/Browser Forum
DV
Google
Identity
Microsoft
PKI
Policy
Root Program
SHA1
SHA2
SSL/TLS
Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.
The Insecure Elephant in the Room
October 10, 2019 by
Paul Walsh
2FA
Android
Attack
Chrome
DV
Encryption
EV
Firefox
Google
Identity
Malware
Microsoft
Mozilla
Phishing
Policy
Revocation
SSL/TLS
Vulnerability
W3C
The purpose of this article The purpose of this article is to demonstrate why I believe browser-based UI for website identity can make the web safer for everyone. I explain in great detail, the reasons why the UI and UX didn’t work in the past. And what’s left is only making the problem worse instead of better.
Some people seem to find it difficult to consume my thoughts about the enforcement of “HTTPS EVERYWHERE”, free DV certs and the browser padlock.
Why Are You Removing Website Identity, Google and Mozilla?
August 27, 2019 by
Kirk Hall
(Entrust),
Tim Callan
(Sectigo)
CA/Browser Forum
Chrome
DV
Encryption
EV
Firefox
GDPR
Google
Identity
Malware
Mozilla
Phishing
SSL/TLS
You can’t have consumer privacy without having strong website identity Today there’s a huge wave toward protecting consumer privacy – in Congress, with the GDPR, etc. – but how can we protect user privacy on the web without establishing the identity of the websites that are asking for consumer passwords and credit card numbers? Extended Validation (EV) certificates provide this information and can be very useful for consumers.
Recently, Google and Mozilla have announced plan to eliminate the distinctive indicators in the Chrome and Firefox browsers that let consumers know that they are looking at a site authenticated with an EV certificate.
2019 – Looking Back, Moving Forward
January 3, 2019 by
Bruce Morton
(Entrust)
Attack
CA/Browser Forum
Certificate Expiry
Chrome
Code Signing
DV
ECC
EV
Forward Secrecy
Identity
Mis-issued
Phishing
PKI
Policy
Qualified
Revocation
RSA
SSL/TLS
TLS 1.0
TLS 1.3
Vulnerability
Looking Back at 2018 2018 was an active year for SSL/TLS. We saw the SSL/TLS certificate validity period drop to 825-days and the mass deployment of Certificate Transparency (CT). TLS 1.3 protocol was finally completed and published; and Chrome status bar security indicators changing to remove “secure” and to concentrate on “not secure.” The CA/Browser Forum has been reformed, the London Protocol was announced and the nearly full distrust of Symantec SSL completed.
CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly
December 6, 2018 by
Bruce Morton
(Entrust),
Chris Bailey
(Entrust),
Jay Schiavo
(Entrust)
Apple
Attack
CASC
Chrome
DV
Encryption
EV
Firefox
Google
Identity
IETF
Malware
Microsoft
Phishing
SSL/TLS
TLS 1.0
TLS 1.2
TLS 1.3
As the legendary coach of the NY Yankees Yogi Berra allegedly said, “It’s difficult to make predictions, especially about the future.” But we’re going to try.
Here are the CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly.
The Good Prediction: By the end of 2019, over 90% of the world’s http traffic will be secured over SSL/TLS
Encryption boosts user security and privacy, and the combined efforts of browsers and Certification Authorities (CAs) over the past few years have moved us rapidly to a world approaching 100% encryption.
CASC Announces Launch of London Protocol to Improve Identity Assurance and Minimize Phishing on Identity Websites
June 27, 2018 by
CA Security Council
Attack
CA/Browser Forum
CASC
DV
EV
Identity
OV
Phishing
SSL/TLS
LONDON – (June 27, 2018) – The Certificate Authority Security Council (CASC), an advocacy group committed to the advancement of the security of websites and online transactions, announced at the CA/Browser Forum event in London the launch of the London Protocol – an initiative to improve identity assurance and minimize the possibility of phishing activity on websites encrypted with organization validated (OV) and extended validation (EV) certificates, which contain organization identity information (Identity Certificates).
The London Protocol
June 27, 2018 by
CA Security Council
DV
EV
Identity
OV
Phishing
The objective of The London Protocol is to improve identity assurance and minimize the possibility of phishing activity on websites encrypted by OV (organization validated) and EV (extended validation) certificates (together referred to as “Identity Websites”). The London Protocol reinforces the distinction between Identity Websites making them even more secure for users than websites encrypted by DV (domain validated) certificates. That security feature can then be utilized by others for their own security purposes, including informing users as to the type of website they are visiting and use by antiphishing engines and browser filters in their security algorithms.
How Browser Security Indicators Can Protect You from Phishing
June 6, 2017 by
Chris Bailey
(Entrust),
Kirk Hall
(Entrust)
Chrome
DV
Encryption
EV
Google
Identity
Phishing
SSL/TLS
The media is full of stories about how phishing sites are moving rapidly to encryption using anonymous, free DV certificates they use to imitate login pages for popular sites, such as paypal.com.
As noted in the article PayPal Phishing Certificates Far More Prevalent than Previously Thought, more than 14,000 DV SSL certificates have been issued to PayPal phishing sites since the start of 2016. Based on a random sample, 96.
Google Certificate Transparency (CT) to Expand to All Certificates Types
November 8, 2016 by
Jeremy Rowley
Announcement
CA/Browser Forum
Chrome
DV
EV
Google
IETF
OV
Policy
SSL/TLS
The policy change goes into effect October 2017 A recent Google announcement stated that all publicly trusted SSL/TLS certificates issued in October 2017 or later will be expected to comply with Chrome’s Certificate Transparency (CT) policy or be untrusted by the browser.
Since January 2015, Chrome has required Extended Validation (EV) certificates to comply with CT. With this policy change, the Chrome CT policy will also apply to Domain Validated (DV) and Organization Validated (OV) certificates.
What Kind of SSL/TLS Certificate do You Need?
May 12, 2016 by
Ben Wilson
DV
EV
SSL/TLS
In previous blog posts we have discussed the differences among the various types of SSL/TLS certificates available. In this blog post we introduce you to a new infographic that has a decision tree to help you select the right kind of certificate for your needs. In most cases you will need a publicly trusted certificate, but the decision tree notes that one type of certificate is the private trust certificate, which can be obtained and used in situations where a publicly trusted certificate cannot be used.